Solved: Remove HTTP Port in Alert Email Link

fredclown · ‎05-01-2024

We have a load balancer sitting in front of our search head cluster that is reverse proxying the connection to the search heads over https port 443. The search head web interfaces are running on port 8000. The issue is when our search heads send out alert emails they append 8000 to the load balancer url which doesn't work because the load balancer is listening on 443. Is there a way to tell the search heads to leave off the port or specify a different port explicitly in the alert emails?

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

View solution in original post

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

Remove HTTP Port in Alert Email Link

alert action

email

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration